fix: Fix error parsing in mod_http_oauth2

Author: RemiBardon

api/crates/prosody-http/src/lib.rs

@@ -92,26 +92,28 @@ pub mod error {
     /// ```
     #[derive(Debug, Deserialize, thiserror::Error)]
     #[error("{reason}", reason = error.text)]
-    pub struct ProsodyHttpError<ExtraInfo = Option<DefaultExtraInfo>> {
+    pub struct ProsodyHttpError<ExtraInfo = DefaultExtraInfo> {
         error: ProsodyHttpErrorDetails<ExtraInfo>,
         pub code: u16,
     }
 
     impl<T> ProsodyHttpError<T> {
         #[inline]
-        pub fn into_inner(self) -> T {
+        pub fn into_inner(self) -> Option<T> {
             self.error.extra
         }
     }
 
     /// See [`ProsodyHttpError`].
     #[derive(Debug, Deserialize)]
     pub struct ProsodyHttpErrorDetails<ExtraInfo> {
-        pub source: Box<str>,
+        #[serde(default)]
+        pub source: Option<Box<str>>,
         pub text: Box<str>,
         pub condition: Box<str>,
         pub r#type: Box<str>,
-        pub extra: ExtraInfo,
+        #[serde(default = "Option::default")]
+        pub extra: Option<ExtraInfo>,
     }
 
     pub use ProsodyHttpErrorDefaultExtraInfo as DefaultExtraInfo;

api/crates/prosody-http/src/mod_http_oauth2.rs

@@ -516,57 +516,105 @@ fn receive<Response: DeserializeOwned>(
     } else {
         // Read the reponse body, as `mod_http_oauth2` isn’t very
         // expressive with HTTP status codes.
-        let error = response
+        let json = response
             .body_mut()
-            .read_json::<crate::Error<self::ApiError>>()
-            .context("Could not decode Prosody OAuth 2.0 API error")?
-            .into_inner();
-
-        match error.name.as_ref() {
-            // Unauthorized.
-            "not-authorized" | "expired_token" | "invalid_grant" | "login_required" => {
-                tracing::debug!("{error}");
-                Err(self::Error::Unauthorized(anyhow::Error::new(error)))
-            }
-            "invalid_request" if error.description.as_deref() == Some("invalid JID") => {
-                tracing::debug!("{error}");
-                Err(self::Error::Unauthorized(anyhow::Error::new(error)))
-            }
+            .read_json::<serde_json::Value>()
+            .context("Prosody OAuth 2.0 API error is not valid JSON")?;
+
+        match serde_json::from_value::<self::ApiError>(json.clone()) {
+            Ok(error) => match error.name.as_ref() {
+                // Unauthorized.
+                "expired_token" | "invalid_grant" | "login_required" => {
+                    tracing::debug!("{error}");
+                    Err(self::Error::Unauthorized(anyhow::Error::new(error)))
+                }
+                "invalid_request" if error.description.as_deref() == Some("invalid JID") => {
+                    tracing::debug!("{error}");
+                    Err(self::Error::Unauthorized(anyhow::Error::new(error)))
+                }
 
-            // Forbidden.
-            "forbidden" | "access_denied" => {
-                tracing::warn!("{error}");
-                Err(self::Error::Forbidden(anyhow::Error::new(error)))
-            }
+                // Forbidden.
+                "access_denied" => {
+                    tracing::warn!("{error}");
+                    Err(self::Error::Forbidden(anyhow::Error::new(error)))
+                }
 
-            // Internal errors.
-            "internal-server-error"
-            | "feature-not-implemented"
-            | "invalid_client"
-            | "invalid_client_metadata"
-            | "invalid_redirect_uri"
-            | "invalid_request"
-            | "invalid_scope"
-            | "temporarily_unavailable"
-            | "unsupported_response_type" => {
-                tracing::error!("{error}");
-                Err(self::Error::Internal(anyhow::Error::new(error)))
-            }
-            "unauthorized_client" => {
-                tracing::warn!(
-                    "OAuth 2.0 client unauthorized ({error}). \
-                    Make sure to register one before making calls."
-                );
-                Err(self::Error::Internal(anyhow::Error::new(error)))
-            }
+                // Internal errors.
+                "invalid_client"
+                | "invalid_client_metadata"
+                | "invalid_redirect_uri"
+                | "invalid_request"
+                | "invalid_scope"
+                | "temporarily_unavailable"
+                | "unsupported_response_type" => {
+                    tracing::error!("{error}");
+                    Err(self::Error::Internal(anyhow::Error::new(error)))
+                }
+                "unauthorized_client" => {
+                    tracing::warn!(
+                        "OAuth 2.0 client unauthorized ({error}). \
+                        Make sure to register one before making calls."
+                    );
+                    Err(self::Error::Internal(anyhow::Error::new(error)))
+                }
 
-            // Catch-all.
-            _ => {
-                tracing::error!("{error}");
-                if cfg!(debug_assertions) {
-                    panic!("Unknown error")
+                // Catch-all.
+                _ => {
+                    tracing::error!("{error}");
+                    if cfg!(debug_assertions) {
+                        panic!("Unknown error")
+                    }
+                    Err(self::Error::Internal(anyhow::Error::new(error)))
+                }
+            },
+            Err(_) => {
+                // TODO: Factor this case so it’s shared between all mods.
+                let error = serde_json::from_value::<crate::Error>(json)
+                    .context("Could not decode Prosody OAuth 2.0 API error")?;
+
+                match error.condition.as_ref() {
+                    // Unauthorized.
+                    "not-authorized" => {
+                        tracing::debug!("{error}");
+                        Err(self::Error::Unauthorized(anyhow::Error::new(error)))
+                    }
+
+                    // Forbidden.
+                    "forbidden" => {
+                        tracing::warn!("{error}");
+                        Err(self::Error::Forbidden(anyhow::Error::new(error)))
+                    }
+
+                    // Internal errors.
+                    "internal-server-error"
+                    | "feature-not-implemented"
+                    | "invalid_client"
+                    | "invalid_client_metadata"
+                    | "invalid_redirect_uri"
+                    | "invalid_request"
+                    | "invalid_scope"
+                    | "temporarily_unavailable"
+                    | "unsupported_response_type" => {
+                        tracing::error!("{error}");
+                        Err(self::Error::Internal(anyhow::Error::new(error)))
+                    }
+                    "unauthorized_client" => {
+                        tracing::warn!(
+                            "OAuth 2.0 client unauthorized ({error}). \
+                            Make sure to register one before making calls."
+                        );
+                        Err(self::Error::Internal(anyhow::Error::new(error)))
+                    }
+
+                    // Catch-all.
+                    _ => {
+                        tracing::error!("{error}");
+                        if cfg!(debug_assertions) {
+                            panic!("Unknown error")
+                        }
+                        Err(self::Error::Internal(anyhow::Error::new(error)))
+                    }
                 }
-                Err(self::Error::Internal(anyhow::Error::new(error)))
             }
         }
     }

plugins/community-patches/patch-6364-2d3c5aad5b53.diff

@@ -0,0 +1,40 @@
+# HG changeset patch
+# User Rémi Bardon <[email protected]>
+# Date 1762249606 -28800
+#      Tue Nov 04 17:46:46 2025 +0800
+# Node ID 2d3c5aad5b534413bf84f8f41dfd0a13b48ee437
+# Parent  c69edc9c19fff24752086dba7cfeb30f289b2165
+mod_http_oauth2: Coerce net.http errors more consistently
+
+diff -r c69edc9c19ff -r 2d3c5aad5b53 mod_rest/mod_rest.lua
+--- a/mod_rest/mod_rest.lua	Mon Nov 03 15:32:36 2025 +0800
++++ b/mod_rest/mod_rest.lua	Tue Nov 04 17:46:46 2025 +0800
+@@ -6,6 +6,7 @@
+ 
+ local encodings = require "util.encodings";
+ local base64 = encodings.base64;
++local code2err = require "net.http.errors".registry;
+ local errors = require "util.error";
+ local http = require "net.http";
+ local id = require "util.id";
+@@ -532,8 +533,6 @@
+ 			end
+ 		end);
+ 
+-	local code2err = require "net.http.errors".registry;
+-
+ 	local function handle_stanza(event)
+ 		local stanza, origin = event.stanza, event.origin;
+ 		local reply_allowed = stanza.attr.type ~= "error" and stanza.attr.type ~= "result";
+@@ -685,6 +684,11 @@
+ module:hook_object_event(http_server, "http-error", function (event)
+ 	local request, response = event.request, event.response;
+ 	local response_as = decide_type(request and request.headers.accept or "", supported_errors);
++
++	if not event.error and code2err[event.code] then
++		event.error = errors.new(event.code, nil, code2err);
++	end
++
+ 	if response_as == "application/xmpp+xml" then
+ 		if response then
+ 			response.headers.content_type = "application/xmpp+xml";

plugins/community/.hg/dirstate

@@ -1,6 +1,2 @@
-mod_http_admin_api: Accept `"application/json"` with parameters
-
-Some HTTP clients set `"application/json; charset=utf-8"` for JSON by default.
-Instead of having to add client-side workarounds and cluttering call sites,
-we can just support it by not checking for an exact match.
+mod_http_oauth2: Coerce net.http errors more consistently